if ($currUser == $userId) { if (isset($_POST['allow'])) { //TODO: check if this can be faked by editing the cookie in firebug! $token = OC_remoteStorage::createCategories($appUrl, $categories); header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer'); } else { if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) { header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $existingToken . '&token_type=bearer'); } else { //params ok, logged in ok, but need to click Allow still: $appUrlParts = explode('/', $_GET['redirect_uri']); $host = $appUrlParts[2]; $categories = explode(',', $_GET['scope']); OCP\Util::addStyle('', 'auth'); OCP\Template::printGuestPage('remoteStorage', 'auth', array('host' => $host, 'categories' => $categories)); } } //end 'need to click Allow still' } else { //login not ok if ($currUser) { die('You are logged in as ' . $currUser . ' instead of ' . htmlentities($userId)); } else { // this will display the login page for us OCP\Util::checkLoggedIn(); } } } else { //params not ok die('please use e.g. ' . OCP\Util::linkTo('remoteStorage', 'auth.php') . '?userid=admin&redirect_uri=http://host/path&scope=...'); }